improving headers builder during jwt building

faogustavo · faogustavo · commit 7ec8fc44d84a · 2026-03-23T18:25:33.000-03:00
diff --git a/lib/src/commonMain/kotlin/co/touchlab/kjwt/builder/JwtBuilder.kt b/lib/src/commonMain/kotlin/co/touchlab/kjwt/builder/JwtBuilder.kt
@@ -45,7 +45,9 @@ import kotlin.uuid.ExperimentalUuidApi
 public class JwtBuilder {
     @PublishedApi
     internal val payloadBuilder: JwtPayload.Builder = JwtPayload.Builder()
-    private val headerBuilder: JwtHeader.Builder = JwtHeader.Builder()
+
+    @PublishedApi
+    internal val headerBuilder: JwtHeader.Builder = JwtHeader.Builder()
 
     /**
      * Sets the issuer (`iss`) claim.
@@ -169,7 +171,7 @@ public class JwtBuilder {
     public inline fun <reified T> claim(
         name: String,
         value: T,
-    ): JwtBuilder = apply { payloadBuilder.claim(name, value) }
+    ): JwtBuilder = claim(name, kotlinx.serialization.serializer<T>(), value)
 
     /**
      * Configures multiple claims at once using a DSL block applied to [JwtPayload.Builder].
@@ -179,6 +181,60 @@ public class JwtBuilder {
      */
     public fun claims(block: JwtPayload.Builder.() -> Unit): JwtBuilder = apply { payloadBuilder.block() }
 
+    /**
+     * Sets the token type (`typ`) header parameter.
+     *
+     * @param typ the token type; defaults to `"JWT"`
+     * @return this builder for chaining
+     */
+    public fun type(typ: String): JwtBuilder = apply { headerBuilder.type = typ }
+
+    /**
+     * Sets the content type (`cty`) header parameter.
+     *
+     * @param cty the content type
+     * @return this builder for chaining
+     */
+    public fun contentType(cty: String): JwtBuilder = apply { headerBuilder.contentType = cty }
+
+    /**
+     * Sets a raw extra header parameter using a pre-built [JsonElement].
+     *
+     * @param name the header parameter name
+     * @param value the header value as a [JsonElement]
+     * @return this builder for chaining
+     */
+    public fun header(
+        name: String,
+        value: JsonElement,
+    ): JwtBuilder = apply { headerBuilder.extra(name, value) }
+
+    /**
+     * Sets a typed extra header parameter using an explicit [SerializationStrategy].
+     *
+     * @param name the header parameter name
+     * @param serializer the serialization strategy for [T]
+     * @param value the header value, or `null` to remove the parameter
+     * @return this builder for chaining
+     */
+    public fun <T> header(
+        name: String,
+        serializer: SerializationStrategy<T>,
+        value: T?,
+    ): JwtBuilder = apply { headerBuilder.extra(name, serializer, value) }
+
+    /**
+     * Sets a typed extra header parameter, inferring the serializer from the reified type [T].
+     *
+     * @param name the header parameter name
+     * @param value the header value
+     * @return this builder for chaining
+     */
+    public inline fun <reified T> header(
+        name: String,
+        value: T,
+    ): JwtBuilder = header(name, kotlinx.serialization.serializer<T>(), value)
+
     /**
      * Configures JOSE header fields using a DSL block applied to [JwtHeader.Builder].
      *
diff --git a/lib/src/commonTest/kotlin/co/touchlab/kjwt/JwtBuilderHeaderTest.kt b/lib/src/commonTest/kotlin/co/touchlab/kjwt/JwtBuilderHeaderTest.kt
@@ -0,0 +1,222 @@
+package co.touchlab.kjwt
+
+import co.touchlab.kjwt.ext.contentType
+import co.touchlab.kjwt.ext.getHeader
+import co.touchlab.kjwt.ext.getHeaderOrNull
+import co.touchlab.kjwt.ext.type
+import co.touchlab.kjwt.model.algorithm.EncryptionAlgorithm
+import co.touchlab.kjwt.model.algorithm.EncryptionContentAlgorithm
+import co.touchlab.kjwt.model.algorithm.SigningAlgorithm
+import io.kotest.core.spec.style.FunSpec
+import kotlinx.serialization.builtins.serializer
+import kotlinx.serialization.json.JsonPrimitive
+import kotlin.test.assertEquals
+import kotlin.test.assertNull
+
+class JwtBuilderHeaderTest :
+    FunSpec({
+        context("JWS") {
+            test("type sets typ header") {
+                val key = hs256Key()
+                val token =
+                    Jwt
+                        .builder()
+                        .subject("user")
+                        .type("at+JWT")
+                        .signWith(SigningAlgorithm.HS256, key)
+                        .compact()
+
+                val jws =
+                    Jwt
+                        .parser()
+                        .verifyWith(SigningAlgorithm.HS256, key)
+                        .build()
+                        .parseSigned(token)
+
+                assertEquals("at+JWT", jws.header.type)
+            }
+
+            test("contentType sets cty header") {
+                val key = hs256Key()
+                val token =
+                    Jwt
+                        .builder()
+                        .subject("user")
+                        .contentType("JWT")
+                        .signWith(SigningAlgorithm.HS256, key)
+                        .compact()
+
+                val jws =
+                    Jwt
+                        .parser()
+                        .verifyWith(SigningAlgorithm.HS256, key)
+                        .build()
+                        .parseSigned(token)
+
+                assertEquals("JWT", jws.header.contentType)
+            }
+
+            test("header with JsonElement sets custom extra header") {
+                val key = hs256Key()
+                val token =
+                    Jwt
+                        .builder()
+                        .subject("user")
+                        .header("x-str", JsonPrimitive("hello"))
+                        .signWith(SigningAlgorithm.HS256, key)
+                        .compact()
+
+                val jws =
+                    Jwt
+                        .parser()
+                        .verifyWith(SigningAlgorithm.HS256, key)
+                        .build()
+                        .parseSigned(token)
+
+                assertEquals("hello", jws.header.getHeader("x-str"))
+            }
+
+            test("header with explicit serializer sets custom extra header") {
+                val key = hs256Key()
+                val token =
+                    Jwt
+                        .builder()
+                        .subject("user")
+                        .header("x-num", Int.serializer(), 42)
+                        .signWith(SigningAlgorithm.HS256, key)
+                        .compact()
+
+                val jws =
+                    Jwt
+                        .parser()
+                        .verifyWith(SigningAlgorithm.HS256, key)
+                        .build()
+                        .parseSigned(token)
+
+                assertEquals(42, jws.header.getHeader("x-num"))
+            }
+
+            test("header with explicit serializer and null value removes extra header") {
+                val key = hs256Key()
+                val token =
+                    Jwt
+                        .builder()
+                        .subject("user")
+                        .header("x-str", String.serializer(), null)
+                        .signWith(SigningAlgorithm.HS256, key)
+                        .compact()
+
+                val jws =
+                    Jwt
+                        .parser()
+                        .verifyWith(SigningAlgorithm.HS256, key)
+                        .build()
+                        .parseSigned(token)
+
+                assertNull(jws.header.getHeaderOrNull<String>("x-str"))
+            }
+
+            test("header reified infers serializer for custom extra header") {
+                val key = hs256Key()
+                val token =
+                    Jwt
+                        .builder()
+                        .subject("user")
+                        .header("x-str", "world")
+                        .signWith(SigningAlgorithm.HS256, key)
+                        .compact()
+
+                val jws =
+                    Jwt
+                        .parser()
+                        .verifyWith(SigningAlgorithm.HS256, key)
+                        .build()
+                        .parseSigned(token)
+
+                assertEquals("world", jws.header.getHeader("x-str"))
+            }
+        }
+
+        context("JWE") {
+
+            test("type sets typ header") {
+                val cek = aesSimpleKey(128)
+                val token =
+                    Jwt
+                        .builder()
+                        .subject("user")
+                        .type("at+JWT")
+                        .encryptWith(cek, EncryptionAlgorithm.Dir, EncryptionContentAlgorithm.A128GCM)
+                        .compact()
+
+                val jwe =
+                    Jwt
+                        .parser()
+                        .decryptWith(EncryptionAlgorithm.Dir, cek)
+                        .build()
+                        .parseEncrypted(token)
+
+                assertEquals("at+JWT", jwe.header.type)
+            }
+
+            test("contentType sets cty header") {
+                val cek = aesSimpleKey(128)
+                val token =
+                    Jwt
+                        .builder()
+                        .subject("user")
+                        .contentType("JWT")
+                        .encryptWith(cek, EncryptionAlgorithm.Dir, EncryptionContentAlgorithm.A128GCM)
+                        .compact()
+
+                val jwe =
+                    Jwt
+                        .parser()
+                        .decryptWith(EncryptionAlgorithm.Dir, cek)
+                        .build()
+                        .parseEncrypted(token)
+
+                assertEquals("JWT", jwe.header.contentType)
+            }
+
+            test("header with JsonElement sets custom extra header") {
+                val cek = aesSimpleKey(128)
+                val token =
+                    Jwt
+                        .builder()
+                        .subject("user")
+                        .header("x-str", JsonPrimitive("hello"))
+                        .encryptWith(cek, EncryptionAlgorithm.Dir, EncryptionContentAlgorithm.A128GCM)
+                        .compact()
+
+                val jwe =
+                    Jwt
+                        .parser()
+                        .decryptWith(EncryptionAlgorithm.Dir, cek)
+                        .build()
+                        .parseEncrypted(token)
+
+                assertEquals("hello", jwe.header.getHeader("x-str"))
+            }
+
+            test("header reified infers serializer for custom extra header") {
+                val cek = aesSimpleKey(128)
+                val token =
+                    Jwt
+                        .builder()
+                        .subject("user")
+                        .header("x-str", "world")
+                        .encryptWith(cek, EncryptionAlgorithm.Dir, EncryptionContentAlgorithm.A128GCM)
+                        .compact()
+
+                val jwe =
+                    Jwt
+                        .parser()
+                        .decryptWith(EncryptionAlgorithm.Dir, cek)
+                        .build()
+                        .parseEncrypted(token)
+
+                assertEquals("world", jwe.header.getHeader("x-str"))
+            }
+        }
+    })
